OpenSynergy GmbH

OpenSynergy provides embedded software products for the next generation of vehicles. Their hypervisor and communication products pave the way for an integrated driving experience.

The virtualization platform COQOS Hypervisor SDK supports the convergence of software-based vehicle functions with different requirements on safety and security. It is designed for multi-display cockpit controllers, smart antennae, or powerful domain controllers. It uses a mix of AUTOSAR technology and open solutions, such as Linux and Android.

OpenSynergy’s communication stacks allow the wireless connection between the car and the cloud or between the car and mobile devices. OpenSynergy’s Blue SDK is the reference Bluetooth® implementation for many OEMs around the world.

Functional Safety related services

First hypervisor complying to the new version of ISO 26262.

OpenSynergy has developed a hypervisor – the COQOS Hypervisor. This type-1 hypervisor has been designed as a low-complexity embedded hypervisor especially fitting to automotive applications. It allows customers to build highly compartmentalized systems that can be tailored to the specific requirements. It follows the multi-kernel architecture of the Armv8 architecture and takes advantage of the hardware virtualization of the SoC using this architecture. The safety properties strongly rely on a systems supervisor component. TÜV SÜD has confirmed that the hypervisor complies to the applicable requirements of ISO 26262:2018 with a level of integrity set at ASIL B.

The hypervisor runs directly on the SoC application cores (at the highest privilege level) and creates several virtual machines (VMs). Each VM is isolated from the others and this separation (ISO 26262 calls it “freedom from interference”) supports some of the key integration requirements. The hypervisor supports the controlled interaction between the VMs and devices on the SoC and communication between the VMs.

The COQOS Hypervisor targets the specific needs of automotive devices such as a cockpit controller. COQOS Hypervisor is highly configurable so that customers can for example:

  • Change the number of VMs
  • Assign to physical cores and temporal behavior
  • Connect VIA inter-VM communication channels
  • Grant access rights of VMs to devices
  • Use it as security features of the hardware

It is minimalist in its design and therefore is small, fast, and certifiable.

TÜV certified Safety Concept for a Linux-based cockpit controller

OpenSynergy’s Safety Concept for a Linux-based cockpit controller is based on COQOS Hypervisor SDK.

Most of the information that is rendered on the instrument cluster display underlies higher requirements on the availability, quality-of-service, and boot-times but still does not underlie any formal safety requirements. A small part of the information that is rendered on some displays is subject to functional safety requirements (according to ISO 26262).

Typically, these are warning signs that alert the driver to a malfunction in the car, for example airbag failure, brakes, ABS, or engine failure warnings. Another example of these warning signs would be a dangerous driving situation, coming from a driver assistance system. Most OEMs give this function an ASIL level.

Functional Safety resources

OpenSynergy utilize trained personnel and specific technical resources in the development of functionally safe products. The Quality Department is responsible for the independent confirmation that product development complies or surpasses industry safety standards when relevant. This includes the administration and improvement of a Quality Management System that provides the knowledge for safe development of SEooC software to Automotive Safety Integrity Level D. Regular training in the use of the QMS is provided to the engineers. The toolchain for safety projects comprises certified and qualified tools that comply with the Tool Confidence requirements of ISO26262:2018. Also, engineers working on safety relevant development support specialist consultants as necessary.